{"id":2963,"date":"2020-02-17T07:45:35","date_gmt":"2020-02-17T06:45:35","guid":{"rendered":"https:\/\/www.prover.com\/?p=2963"},"modified":"2025-01-13T13:21:41","modified_gmt":"2025-01-13T12:21:41","slug":"why-formal-verification-the-suitability-of-formal-verification","status":"publish","type":"post","link":"https:\/\/www.prover.com\/formal-methods\/why-formal-verification-the-suitability-of-formal-verification\/","title":{"rendered":"Why formal verification – The suitability of formal verification (part 2\/3)"},"content":{"rendered":"

Hopefully you have read part 1 on this blog<\/a>, where I tried to convince you that traditional methods will not get you very far when verifying safety requirements for railway interlockings.<\/p>\n

This time my task is to convince you that formal verification will get you far. In fact, all the way.<\/p>\n

So what is formal verification?<\/h3>\n

Well, we already know what verification means. The ‘formal’ part means ‘mathematical’. Thus, formal verification means that the verification problem is made into a mathematical problem. And since we enter the realm of mathematics, all the rigour and precision that comes with mathematics are available to us.<\/p>\n

The typical activity in mathematics is to make statements and then prove that they are true. Sounds familiar? And the proof of a mathematical statement has to be so convincing, so airtight, that any person with the proper education should agree that the statement actually is true. Of course, in practice the last part can be hard to achieve. Some parts of mathematics are notoriously difficult to understand even with a proper education. But let’s consider a classic example from arithmetic. The statement I am thinking about is as follows:<\/p>\n

1 + 2 + … + n = n(n+1)\/2.<\/em><\/strong><\/p>\n

In my mind, the most elegant way to prove this goes as follows. Write down the sum on the lefthand side twice, one under the other.<\/p>\n

1 + 2 + … + n
\nn + (n-1) + … + 1<\/em><\/strong><\/p>\n

Note that the order of the terms is reversed in the lower sum. Now here comes the trick: if we look at the columns in this expression, each column has the sum n+1. And there are n columns. Hence, the sum of all these numbers is n(n+1). What we have then is<\/p>\n

2(1 + 2 + … + n) = n(n+1),<\/em><\/strong><\/p>\n

which means that<\/p>\n

1 + 2 + … + n = n(n+1)\/2.<\/em><\/strong><\/p>\n

Isn’t that a convincing argumentation?<\/p>\n

With this example, I have tried to show you how a mathematical proof can be done and hopefully you agree that, when properly done, mathematical proofs are airtight. In fact, they are the only airtight form of proofs known. As we noted in part 1, the major snag with the verification problem is the huge size of the potential state space. Mathematics provides solutions to this as well, since all domains handled are huge, often infinite.<\/p>\n

It turns out that I only got halfway through my aspiration to convince you about the suitability of formal verification. So please wait until the next post.<\/p>\n","protected":false},"excerpt":{"rendered":"

Hopefully you have read part 1 on this blog, where I tried to convince you that traditional methods will not […]<\/p>\n","protected":false},"author":14,"featured_media":1907,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","inline_featured_image":false,"footnotes":""},"categories":[152],"tags":[72,70,88],"class_list":["post-2963","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-formal-methods","tag-formal-methods","tag-signaling-system","tag-software-development"],"yoast_head":"\nWhy formal verification - The suitability of formal verification (part 2\/3) - Prover - Engineering a Safer World<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.prover.com\/formal-methods\/why-formal-verification-the-suitability-of-formal-verification\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Why formal verification - The suitability of formal verification (part 2\/3) - Prover - Engineering a Safer World\" \/>\n<meta property=\"og:description\" content=\"Hopefully you have read part 1 on this blog, where I tried to convince you that traditional methods will not [...]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.prover.com\/formal-methods\/why-formal-verification-the-suitability-of-formal-verification\/\" \/>\n<meta property=\"og:site_name\" content=\"Prover - Engineering a Safer World\" \/>\n<meta property=\"article:published_time\" content=\"2020-02-17T06:45:35+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-01-13T12:21:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.prover.com\/wp-content\/uploads\/2017\/10\/gamla-stan-subway-3-700x400-1-jpg.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"700\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Daniel Fredholm\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Daniel Fredholm\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.prover.com\/formal-methods\/why-formal-verification-the-suitability-of-formal-verification\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.prover.com\/formal-methods\/why-formal-verification-the-suitability-of-formal-verification\/\"},\"author\":{\"name\":\"Daniel Fredholm\",\"@id\":\"https:\/\/prover.com\/#\/schema\/person\/ce3795414353e49a88ff8a88e4cc6e9f\"},\"headline\":\"Why formal verification – The suitability of formal verification (part 2\/3)\",\"datePublished\":\"2020-02-17T06:45:35+00:00\",\"dateModified\":\"2025-01-13T12:21:41+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.prover.com\/formal-methods\/why-formal-verification-the-suitability-of-formal-verification\/\"},\"wordCount\":405,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/prover.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.prover.com\/formal-methods\/why-formal-verification-the-suitability-of-formal-verification\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.prover.com\/wp-content\/uploads\/2017\/10\/gamla-stan-subway-3-700x400-1-jpg.webp\",\"keywords\":[\"Formal Methods\",\"Signaling System\",\"Software Development\"],\"articleSection\":[\"Formal methods\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.prover.com\/formal-methods\/why-formal-verification-the-suitability-of-formal-verification\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.prover.com\/formal-methods\/why-formal-verification-the-suitability-of-formal-verification\/\",\"url\":\"https:\/\/www.prover.com\/formal-methods\/why-formal-verification-the-suitability-of-formal-verification\/\",\"name\":\"Why formal verification - The suitability of formal verification (part 2\/3) - Prover - Engineering a Safer World\",\"isPartOf\":{\"@id\":\"https:\/\/prover.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.prover.com\/formal-methods\/why-formal-verification-the-suitability-of-formal-verification\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.prover.com\/formal-methods\/why-formal-verification-the-suitability-of-formal-verification\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.prover.com\/wp-content\/uploads\/2017\/10\/gamla-stan-subway-3-700x400-1-jpg.webp\",\"datePublished\":\"2020-02-17T06:45:35+00:00\",\"dateModified\":\"2025-01-13T12:21:41+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.prover.com\/formal-methods\/why-formal-verification-the-suitability-of-formal-verification\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.prover.com\/formal-methods\/why-formal-verification-the-suitability-of-formal-verification\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.prover.com\/formal-methods\/why-formal-verification-the-suitability-of-formal-verification\/#primaryimage\",\"url\":\"https:\/\/www.prover.com\/wp-content\/uploads\/2017\/10\/gamla-stan-subway-3-700x400-1-jpg.webp\",\"contentUrl\":\"https:\/\/www.prover.com\/wp-content\/uploads\/2017\/10\/gamla-stan-subway-3-700x400-1-jpg.webp\",\"width\":700,\"height\":400},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.prover.com\/formal-methods\/why-formal-verification-the-suitability-of-formal-verification\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.prover.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Formal methods\",\"item\":\"https:\/\/www.prover.com\/categories\/formal-methods\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Why formal verification – The suitability of formal verification (part 2\/3)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/prover.com\/#website\",\"url\":\"https:\/\/prover.com\/\",\"name\":\"Prover - Engineering a Safer World\",\"description\":\"Interlocking Design Automation to meet demand for complex digital train control\",\"publisher\":{\"@id\":\"https:\/\/prover.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/prover.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/prover.com\/#organization\",\"name\":\"Prover - Engineering a Safer World\",\"url\":\"https:\/\/prover.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/prover.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.prover.com\/wp-content\/uploads\/2023\/01\/prover-logo.svg\",\"contentUrl\":\"https:\/\/www.prover.com\/wp-content\/uploads\/2023\/01\/prover-logo.svg\",\"width\":222,\"height\":22,\"caption\":\"Prover - Engineering a Safer World\"},\"image\":{\"@id\":\"https:\/\/prover.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/prover.com\/#\/schema\/person\/ce3795414353e49a88ff8a88e4cc6e9f\",\"name\":\"Daniel Fredholm\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/136bce2d66e453ed9537a3c5e4043e39183a1eeafec92f1e9987b0c359a806f3?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/136bce2d66e453ed9537a3c5e4043e39183a1eeafec92f1e9987b0c359a806f3?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/136bce2d66e453ed9537a3c5e4043e39183a1eeafec92f1e9987b0c359a806f3?s=96&d=mm&r=g\",\"caption\":\"Daniel Fredholm\"},\"url\":\"https:\/\/www.prover.com\/author\/daniel-fredholm\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Why formal verification - The suitability of formal verification (part 2\/3) - Prover - Engineering a Safer World","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.prover.com\/formal-methods\/why-formal-verification-the-suitability-of-formal-verification\/","og_locale":"en_US","og_type":"article","og_title":"Why formal verification - The suitability of formal verification (part 2\/3) - Prover - Engineering a Safer World","og_description":"Hopefully you have read part 1 on this blog, where I tried to convince you that traditional methods will not [...]","og_url":"https:\/\/www.prover.com\/formal-methods\/why-formal-verification-the-suitability-of-formal-verification\/","og_site_name":"Prover - Engineering a Safer World","article_published_time":"2020-02-17T06:45:35+00:00","article_modified_time":"2025-01-13T12:21:41+00:00","og_image":[{"width":700,"height":400,"url":"https:\/\/www.prover.com\/wp-content\/uploads\/2017\/10\/gamla-stan-subway-3-700x400-1-jpg.webp","type":"image\/jpeg"}],"author":"Daniel Fredholm","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Daniel Fredholm","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.prover.com\/formal-methods\/why-formal-verification-the-suitability-of-formal-verification\/#article","isPartOf":{"@id":"https:\/\/www.prover.com\/formal-methods\/why-formal-verification-the-suitability-of-formal-verification\/"},"author":{"name":"Daniel Fredholm","@id":"https:\/\/prover.com\/#\/schema\/person\/ce3795414353e49a88ff8a88e4cc6e9f"},"headline":"Why formal verification – The suitability of formal verification (part 2\/3)","datePublished":"2020-02-17T06:45:35+00:00","dateModified":"2025-01-13T12:21:41+00:00","mainEntityOfPage":{"@id":"https:\/\/www.prover.com\/formal-methods\/why-formal-verification-the-suitability-of-formal-verification\/"},"wordCount":405,"commentCount":0,"publisher":{"@id":"https:\/\/prover.com\/#organization"},"image":{"@id":"https:\/\/www.prover.com\/formal-methods\/why-formal-verification-the-suitability-of-formal-verification\/#primaryimage"},"thumbnailUrl":"https:\/\/www.prover.com\/wp-content\/uploads\/2017\/10\/gamla-stan-subway-3-700x400-1-jpg.webp","keywords":["Formal Methods","Signaling System","Software Development"],"articleSection":["Formal methods"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.prover.com\/formal-methods\/why-formal-verification-the-suitability-of-formal-verification\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.prover.com\/formal-methods\/why-formal-verification-the-suitability-of-formal-verification\/","url":"https:\/\/www.prover.com\/formal-methods\/why-formal-verification-the-suitability-of-formal-verification\/","name":"Why formal verification - The suitability of formal verification (part 2\/3) - Prover - Engineering a Safer World","isPartOf":{"@id":"https:\/\/prover.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.prover.com\/formal-methods\/why-formal-verification-the-suitability-of-formal-verification\/#primaryimage"},"image":{"@id":"https:\/\/www.prover.com\/formal-methods\/why-formal-verification-the-suitability-of-formal-verification\/#primaryimage"},"thumbnailUrl":"https:\/\/www.prover.com\/wp-content\/uploads\/2017\/10\/gamla-stan-subway-3-700x400-1-jpg.webp","datePublished":"2020-02-17T06:45:35+00:00","dateModified":"2025-01-13T12:21:41+00:00","breadcrumb":{"@id":"https:\/\/www.prover.com\/formal-methods\/why-formal-verification-the-suitability-of-formal-verification\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.prover.com\/formal-methods\/why-formal-verification-the-suitability-of-formal-verification\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.prover.com\/formal-methods\/why-formal-verification-the-suitability-of-formal-verification\/#primaryimage","url":"https:\/\/www.prover.com\/wp-content\/uploads\/2017\/10\/gamla-stan-subway-3-700x400-1-jpg.webp","contentUrl":"https:\/\/www.prover.com\/wp-content\/uploads\/2017\/10\/gamla-stan-subway-3-700x400-1-jpg.webp","width":700,"height":400},{"@type":"BreadcrumbList","@id":"https:\/\/www.prover.com\/formal-methods\/why-formal-verification-the-suitability-of-formal-verification\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.prover.com\/"},{"@type":"ListItem","position":2,"name":"Formal methods","item":"https:\/\/www.prover.com\/categories\/formal-methods\/"},{"@type":"ListItem","position":3,"name":"Why formal verification – The suitability of formal verification (part 2\/3)"}]},{"@type":"WebSite","@id":"https:\/\/prover.com\/#website","url":"https:\/\/prover.com\/","name":"Prover - Engineering a Safer World","description":"Interlocking Design Automation to meet demand for complex digital train control","publisher":{"@id":"https:\/\/prover.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/prover.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/prover.com\/#organization","name":"Prover - Engineering a Safer World","url":"https:\/\/prover.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/prover.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.prover.com\/wp-content\/uploads\/2023\/01\/prover-logo.svg","contentUrl":"https:\/\/www.prover.com\/wp-content\/uploads\/2023\/01\/prover-logo.svg","width":222,"height":22,"caption":"Prover - Engineering a Safer World"},"image":{"@id":"https:\/\/prover.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/prover.com\/#\/schema\/person\/ce3795414353e49a88ff8a88e4cc6e9f","name":"Daniel Fredholm","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/136bce2d66e453ed9537a3c5e4043e39183a1eeafec92f1e9987b0c359a806f3?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/136bce2d66e453ed9537a3c5e4043e39183a1eeafec92f1e9987b0c359a806f3?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/136bce2d66e453ed9537a3c5e4043e39183a1eeafec92f1e9987b0c359a806f3?s=96&d=mm&r=g","caption":"Daniel Fredholm"},"url":"https:\/\/www.prover.com\/author\/daniel-fredholm\/"}]}},"_links":{"self":[{"href":"https:\/\/www.prover.com\/wp-json\/wp\/v2\/posts\/2963","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.prover.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.prover.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.prover.com\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/www.prover.com\/wp-json\/wp\/v2\/comments?post=2963"}],"version-history":[{"count":3,"href":"https:\/\/www.prover.com\/wp-json\/wp\/v2\/posts\/2963\/revisions"}],"predecessor-version":[{"id":20967,"href":"https:\/\/www.prover.com\/wp-json\/wp\/v2\/posts\/2963\/revisions\/20967"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.prover.com\/wp-json\/wp\/v2\/media\/1907"}],"wp:attachment":[{"href":"https:\/\/www.prover.com\/wp-json\/wp\/v2\/media?parent=2963"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.prover.com\/wp-json\/wp\/v2\/categories?post=2963"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.prover.com\/wp-json\/wp\/v2\/tags?post=2963"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}